REMARKS 

The present application was filed on November 26, 2003 with claims 1-20, all of which 
remain pending. Claims 1, 18 and 20 are the independent claims. 

Claims 1, 18 and 20 are rejected under 35 U.S.C. §112, first paragraph, as allegedly failing to 
comply with the written description requirement. 

Claims 1-20 are rejected under 35 U.S.C. § 103(a) as being unpatentable over allegedly 
admitted prior art in view of U.S. Patent No. 7,149,216 (hereinafter "Cheriton") and a document by 
J. Lee entitled "Security Overview" (hereinafter "Lee"). To reference the allegedly admitted prior 
art, the Examiner cites to the publication of the present application, U.S. Patent Application 
Publication No. 2005/0114655. 

In this response, Applicants respectfully traverse the §112 and §103(a) rejections. 
Applicants respectfully request reconsideration of the application in view of the remarks to follow. 

With regard to the §112 rejection, the Examiner argues that the amendment to claims 1, 18 
and 20 made by Applicants in the previous response constitutes new matter. Applicants respectfully 
disagree. The amendment at issue adds a limitation to each of the independent claims reciting that 
the subtree comprises at least one node that is not a leaf node of the tree representation. The subtree 
referred to in the added limitation is the common subtree shared by two or more nodes of a given 
level of the tree representation. FIG. 3B of the drawings shows an example of the recited tree 
representation. In this example tree representation 320, there are three levels, denoted Level 1, 
Level 2 and Level 3. As indicated in the specification at page 12, lines 21-22 and 26, Level 1 is a 
root level of the representation, and Level 3 is the final level of the tree representation and contains 
leaf nodes, each associated with a particular action. The tree representation 320 includes a common 
subtree shared by two or more nodes of a given level where the subtree comprises at least one node 
that is not a leaf node of the tree representation. For example, as clearly indicated in the portion of 
the specification cited by Applicants in their previous response, the two nodes 322A1 and 322A2, 
which are two of the nodes of Level 1, share a common subtree 324 that includes at least one node at 
Level 2 and two leaf nodes at Level 3. Thus, it is readily apparent that the common subtree 324 is a 
subtree that comprises at least one node that is not a leaf node of the tree representation 320. 
Accordingly, the rejection under §112, first paragraph, is believed to be entirely without merit and 
should be withdrawn. 

With regard to the §103(a) rejection, Applicants submit that the Examiner has failed to 
establish a proper prima facie case of obviousness of claims 1-20 in that the cited references, even if 
assumed to be combinable, fail to teach or suggest all the claim limitations, and in that no cogent 
motivation has been identified for combining the references or modifying the reference teachings to 
reach the claimed invention. 

Independent claim 1 is directed to a method of generating a representation of an access 
control list. The method includes the steps of determining a plurality of rules of the access control 
list, each of at least a subset of the rules having a plurality of fields and a corresponding action, and 
processing the rules to generate a multi-level tree representation of the access control list, each of 
one or more of the levels of the tree representation being associated with a corresponding one of the 
fields. The claim further specifies that at least one level of the tree representation comprises a 
plurality of nodes, with two or more of the nodes of that level having a common subtree, and the tree 
representation including only a single copy of that subtree. Moreover, the tree representation is 
characterizable as a directed graph in which each of the two nodes having the common subtree 
points to the single copy of the common subtree. 

Thus, in the claimed arrangement, a given level of a tree representation of an access control 
list comprises two or more nodes that have a common subtree, but the representation only includes a 
single copy of that subtree, with each of the two nodes having the common subtree pointing to the 
single copy of the common subtree. 
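
The arrangement recited in claim 1 can be sketched as follows; this is an added example, not code from the application or from any cited reference. It assumes exact-match fields named `src`, `dst` and `port`, constructed sample rules, and hypothetical helper names, and it merges identical subtrees so that two first-level entries point to one shared copy containing a non-leaf node.

```python
# Added illustration; field names, rule values and helper names are assumptions.
FIELDS = ("src", "dst", "port")  # one tree level per field

# Constructed sample ACL: 10.0.0.1 and 10.0.0.2 have identical dst/port rules.
RULES = [
    ("10.0.0.1", "192.0.2.10", 22, "permit"),
    ("10.0.0.1", "192.0.2.10", 23, "deny"),
    ("10.0.0.2", "192.0.2.10", 22, "permit"),
    ("10.0.0.2", "192.0.2.10", 23, "deny"),
    ("10.0.0.3", "192.0.2.20", 80, "permit"),
]

def build_tree(rules):
    """Plain multi-level tree: nested dicts per field, leaves are actions."""
    root = {}
    for *values, action in rules:
        node = root
        for v in values[:-1]:
            node = node.setdefault(v, {})
        node.setdefault(values[-1], action)  # earlier rule wins on duplicates
    return root

def share_subtrees(node, pool):
    """Bottom-up merge: structurally identical subtrees become one object."""
    if not isinstance(node, dict):
        return node  # leaf: the action itself
    kids = {k: share_subtrees(v, pool) for k, v in node.items()}
    # Children are already canonical, so id() identifies a shared subtree.
    key = tuple(sorted((repr(k), id(v) if isinstance(v, dict) else v)
                       for k, v in kids.items()))
    return pool.setdefault(key, kids)

def count_nodes(tree):
    """Number of distinct non-leaf nodes reachable from the root."""
    seen = {}
    def walk(n):
        if isinstance(n, dict) and id(n) not in seen:
            seen[id(n)] = n
            for child in n.values():
                walk(child)
    walk(tree)
    return len(seen)

def lookup(tree, packet, default="deny"):
    """Walk one level per field; unmatched packets get the default action."""
    node = tree
    for v in packet:
        if not isinstance(node, dict) or v not in node:
            return default
        node = node[v]
    return node
```
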

The Examiner in formulating the § 103(a) rejection acknowledges that the claim limitations 
relating to the common subtree are not shown in the collective teachings of the allegedly admitted 
prior art and Cheriton. See the final Office Action at page 4, third full paragraph. However, the 
Examiner argues that these limitations are shown in the Take-Grant Model on page 12 of Lee. 
Applicants respectfully disagree, and will demonstrate below that the Lee reference fails to meet the 
claim limitations relating to the common subtree. It should be understood that the following 
arguments directed to the Lee reference relative to the common subtree limitations of claim 1 are not 
attacking the Lee reference alone, but are instead intended to illustrate that the collective teachings 
of the allegedly admitted prior art, Cheriton and Lee fail to meet the limitations of claim 1. 

The Examiner characterizes the Take-Grant Model on page 12 of Lee as disclosing two or 
more nodes of a level of a tree representation pointing to a single copy of a common subtree. See 
the final Office Action at pages 4-5, last paragraph beginning on page 4. Applicants respectfully 
submit that this is a mischaracterization of Lee. Lee describes the Take-Grant Model as comprising 
a directed graph version of the access control matrix. In this model, the nodes can be subject or 
object, and the labels between the nodes can have the values read, write, execute, take or grant. The 
Examiner argues that the limitation in question is met because "a plurality of nodes 'x & y' at one 
level point[s] to one node 'z.'" This argument is problematic for a number of reasons. First, the 
nodes x and y in the model are different subjects of an access control matrix, which is apparent from 
the fact that subject x can take the rights of subject y. Thus, there is no indication that the two nodes 
share a common level of a tree representation. Lee does not provide any description whatsoever 
regarding levels, but instead merely discloses a directed graph with labeled lines between nodes 
representative of subjects and objects of an access control matrix. Further, the object node z shown 
in Lee is not a common subtree of a tree representation, as alleged by the Examiner. Instead, as 
clearly described in Lee, it simply denotes a particular object that can be read (r) or written (w) by 
both subject x and subject y. 

Moreover, as indicated above, Applicants have previously amended independent claim 1 to 
specify that the recited common subtree comprises at least one node that is not a leaf node of the tree 
representation. The object node z is clearly a leaf node of the tree representation shown on page 12 
of Lee and relied upon by the Examiner. 

The Examiner at page 13, Section 6, of the final Office Action further argues the "direct 
coupling of the nodes to the common node 'z' is a one level implementation" but that page 12 of Lee 
nonetheless "clearly meets the breadth of the claim language." Applicants note that the claim 
language expressly recites that the common subtree shared by the two nodes at a given level must 
include at least one node that is not a leaf node of the representation. In the Lee arrangement, the 
object node z is clearly a leaf node, and thus the limitations are not met. Moreover, Lee specifically 
teaches that there are only two types of nodes, namely subject or object nodes, and the node z as an 
object node will apparently always be a leaf node in the Lee arrangement. The Examiner appears to 
be reading into the Lee reference teachings that are simply not there. 

It is therefore respectfully submitted that the Examiner has mischaracterized the Lee 
reference in alleging that the Take-Grant Model shown on page 12 of Lee meets the common subtree 
limitations of claim 1, and thus the collective teachings of the cited references fail to meet each and 
every limitation of claim 1. 

Applicants further note that one skilled in the art would not be motivated to apply the 
Take-Grant Model of Lee to the M-trie plus data structure of Cheriton because the former is explicitly 
described as a directed graph version of an access control matrix, where the nodes can be only 
subjects or objects of the access control matrix. Such a model appears to be incompatible with the 
M-trie plus data structure as shown in FIG. 2 of Cheriton. This is because the FIG. 2 data structure 
of Cheriton includes for each of the nodes 205, 210 and 215 an oppointer 220 that includes an 
address 225 and an opcode 230, which is an arrangement that does not appear to be consistent with 
the subject-object model of Lee. Accordingly, it is believed that attempting to incorporate the Take- 
Grant Model of Lee into the M-trie plus data structure of Cheriton would not "optimize the ACL 
representation by improve [sic] speed further and reduce redundancy." See the final Office Action 
at page 5, first full paragraph. To the contrary, such a combination would appear to be highly 
impractical and possibly unworkable. 

It is therefore believed that independent claim 1 is not obvious in view of the proposed 
combination of cited references. 

Independent claims 18 and 20 are believed allowable for reasons similar to those identified 
above with regard to independent claim 1. 

Dependent claims 2-17 and 19 are believed allowable for at least the reasons identified above 
with regard to their respective independent claims. 

In view of the above, Applicants believe that claims 1-20 are in condition for allowance, and 
respectfully request withdrawal of the §103(a) rejection. 

As indicated previously, a Notice of Appeal is submitted concurrently herewith. 




Respectfully submitted, 



Date: March 12, 2008 



Attorney for Applicant(s) 
Reg. No. 37,922 
Ryan, Mason & Lewis, LLP 
90 Forest Avenue 
Locust Valley, NY 11560 
(516) 759-7517 



Enclosure(s): Notice of Appeal 